PKIWorks™ Essentials
With PKIWorks™ Essentials, the certificate provisioning process is automated, offering direct response by the provisioning server to device certificate signing requests (CSRs). CommScope provides a device client application to facilitate cryptographic operations and offering additional protection for private keys, if needed. It ensures secure delivery and installation of certificates, seamlessly pairing them with their corresponding private keys on devices. By protecting your devices, confidently issuing, and distributing certificates, PKIWorks™ Essentials establishes a comprehensive end-to-end solution for your organization.
Simplify Security Integration and Fortify Your Devices
Whether your chip/device has built-in key pair generation and protection capabilities, CommScope provides a device provisioning client application (DPCA) that can simplify the integration process while ensuring the utmost security for your sensitive private key information. The DPCA triggers the key pair generation, sends a CSR message to the PKIWorks™ Essentials Provisioning Server, and validates the received certificate to ensure it matches the generated key pair. After successfully storing the certificates, it securely binds the key to the specific device, rendering any copy of device keys unusable.
Empower IoT Efficiency: Provisioning Perfected for Resource-Limited Devices
Engineered for optimal performance in low-resource environments, the device provisioning client application (DPCA) has a small footprint and low RAM requirement. For devices without built-in key generation and protection capabilities, our CipherKnight™ technology generates and protects keys using white-box cryptography while adding only modestly to the memory requirements.
Revitalize Your Devices with Enhanced Certificate Solutions
The PKIWorks™ Essentials addresses a wide range of use cases and challenges in the field: whether your devices needing additional certificates to support new applications, experiencing service disruptions due to expired certificates, or vulnerable to cyber-attacks due to outdated keys and certificates. Our end-to-end solution ensures swift provisioning and renewal of certificates, keeping your devices secure and operational. With our solution, you can eliminate certificate-related obstacles, enhance device performance, and maintain a strong defense against cyber threats.
Optimize Resources and Accelerate Your Production
CommScope offers two options to integrate our device provisioning client application (DPCA) seamlessly with your existing codebase, providing either the source code or a library. By significantly reducing your customers' development resources and time, we expedite the integration process, allowing you to complete your development within an estimated timeframe of 1 to 4 weeks. Our commitment extends beyond integration as we provide engineering support for user acceptance testing and facilitate all necessary tests for a successful production launch, including factory engineering pilot run (EPR), pre-production run (PPR), and volume production. By leveraging our expertise, we can assist in reducing your resource and time investment from design to full-scale production.
Flexibility and Control Amplified: Your Secure Path, Your Choice!
PKIWorks Essentials provisioning server offers flexible deployment options to cater to your specific needs. You can take advantage of our already deployed instances in the CommScope Cloud or opt for a public cloud deployment or on-premises installation. Additionally, you have the freedom to choose whether CommScope fully manages the provisioning server, or you manage it yourself.
As your trusted partner, we understand the importance of finding the optimal solution that aligns with your budget, volume requirements, manufacturing settings, available resources, and skill sets needed for effective security management. Our team will closely collaborate with you to assess these factors and guide you towards the best deployment options.
Harmonize with the Existing Standard APIs
PKIWorks™ Essentials also supports automated certificate issuance, renewal, and replacement through standard interfaces like ACME, CMPv2, EST, and SCEP, or a custom RESTful interface. By supporting these standard interfaces, This allows companies that already have existing implementations utilizing these interfaces to seamlessly integrate with the solution. This integration ensures compatibility and interoperability with the company's current systems, enabling a smooth transition and leveraging the existing infrastructure and processes. Alternatively, to fully take advantage of the device-side security features provided by the device provisioning client application (DPCA), we highly recommend that you adopt the complete PKIWorks™ Essentials solution.
Fortified Infrastructure for Limitless and Uninterrupted Expansion
The PKIWorks™ Essentials provisioning infrastructure incorporates a high availability architecture with a cluster of frontend machines that are Internet facing to receive and pre-process provisioning requests. Sensitive and secure operations are performed by the backend servers, where the secure database and hardware security modules (HSMs) are located, ensuring utmost security. In addition, we have implemented a disaster recovery site that serves as a backup and failover mechanism.
Our comprehensive security framework combines a range of advanced measures to safeguard against malicious attacks. These include the implementation of firewalls, system hardening, continuous security scanning and patching, intrusion detection/prevention systems (IDS/IPS), and strict adherence to recommended security practices. Moreover, we employ hardware-based load balancers to efficiently distribute workloads across the frontend-backend machine pairs, delivering the necessary performance and enabling smooth calability of our provisioning service.
Learn More
To learn more about our PKIWorks™ Essentials solution, please click to download the white paper.